Vulnerability Details CVE-2021-22661
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-22661
-
cpe:2.3:h:prosoft-technology:icx35-hwc-a:-
-
cpe:2.3:h:prosoft-technology:icx35-hwc-e:-
-
cpe:2.3:o:prosoft-technology:icx35-hwc-a_firmware:-
-
cpe:2.3:o:prosoft-technology:icx35-hwc-a_firmware:1.9.62
-
cpe:2.3:o:prosoft-technology:icx35-hwc-e_firmware:-
-
cpe:2.3:o:prosoft-technology:icx35-hwc-e_firmware:1.9.62